Readme by AI
This commit is contained in:
@@ -0,0 +1,35 @@
|
|||||||
|
# PoC — SAS Desktop DoS via UAC Spoofing
|
||||||
|
|
||||||
|
A Windows proof-of-concept that demonstrates how a hidden UAC elevation prompt can be used to block the Secure Attention Sequence (SAS) while a rapid desktop-switching loop prevents the user from regaining control of their session.
|
||||||
|
|
||||||
|
> **Disclaimer:** For authorised security research and CTF use only. Do not run against systems you do not own or have explicit written permission to test.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## What It Does
|
||||||
|
|
||||||
|
1. Creates a shadow desktop invisible to the user and fires a UAC elevation prompt on it. Windows holds the SAS lock for the duration of the pending prompt, meaning Ctrl+Alt+Del and the secure desktop are blocked.
|
||||||
|
|
||||||
|
2. Rapidly switches between the shadow desktop and the default desktop at full CPU speed. This thrashes the display pipeline and prevents the system from stabilising — without the UAC lock the user could recover, but with it there is no escape route left to recover into.
|
||||||
|
|
||||||
|
3. Installs a system-wide low-level keyboard hook that swallows all input. The only key that passes through is Escape, which tears everything down cleanly.
|
||||||
|
|
||||||
|
4. Plays a fullscreen looping video and pins an overlay to the bottom of the screen showing "Press Escape to Quit".
|
||||||
|
|
||||||
|
The UAC is the lock. The desktop switching is the hammer. Together they make the session unrecoverable without pressing Escape.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
- Windows 10 / 11
|
||||||
|
- Python 3.x (no third-party packages)
|
||||||
|
- Optional: mpv or VLC for the video payload
|
||||||
|
|
||||||
|
## Running
|
||||||
|
|
||||||
|
```
|
||||||
|
python poc_sas_dos.py
|
||||||
|
```
|
||||||
|
|
||||||
|
Press **Escape** to exit cleanly.
|
||||||
Reference in New Issue
Block a user